News & Insights

How to address the security risks created by big data

Australian organisations are collecting and storing a growing amount of data which is making them an attractive target for local and international cybercriminals.

Never before has so much information been so readily available to organisations. Businesses that have worked out how to aggregate and analyse that data effectively are reaping benefits such as better, faster decision-making, improved understanding of customer behaviour, and the ability to predict some future events. However, most organisations don’t seem to have addressed the security challenges posed by big data.

The more data your organisation possesses, the more likely it is to be a target for attack. This is especially true if you collect and store sensitive information such as credit card details, mailing addresses, passwords, and so on; cybercriminals can gain big financial rewards once they have their hands on this data.

Organisations that suffer a breach can face financial penalties as well as reputational damage. Once customers and partners have lost faith in a business’s ability to keep their data safe, they are unlikely to continue doing business with that organisation.

Data is both friend and foe; it can help your organisation be more effective but it can also make you a target. Many organisations are holding onto massive amounts of data that they don’t need anymore. When the analysis project is done, businesses should look to dispose of the information safely. However, many organisations seem to have a fear of missing out if they delete their data.

Six important aspects to consider when looking to protect your data

We have identified six key considerations when you’re looking to protect your data and, with it, your brand’s reputation:

Decide what data really needs to be collected. Some businesses collect data for its own sake rather than for a specific analysis purpose. This is dangerous, as it leads to overwhelming amounts of data that are hard to protect. Make sure your organisation limits data collection to the information required for specific purposes. This is also a requirement of the Australian Privacy Act.

Understand the value of your data. Many organisations don’t even know what data they possess, nor do they know its value. This value increases the more data is connected. Until you know the value of your data, you can’t make informed decisions on what to do with that data and how to protect it.

Classify your data so it can be found. Data is constantly in motion. Classifying it makes it easier to find and, therefore, protect.

Employ a mature data infrastructure team. Managing your data appropriately is essential to minimising the risk. This means storing or managing the storage of your data in a way it can defend itself, or being able to de-personalise information where possible and deleting it where appropriate.

Know where your data lives. For some organisations, data lives in a mixture of on-premise and cloud-based repositories and is regularly transmitted for analysis purposes. It’s important to know where your data lives and how those locations may affect the safety. For example, data stored in offshore datacentres may not be subject to the same privacy laws as data held in Australia.

Your organisation shouldn’t be afraid to leverage big data. However, you have to make sure you protect yourself and your customers and stakeholders by putting strong security measures in place. This includes security technology as well as processes and policies designed to keep information safe, both at rest and in transit.